• linkedin
  • Increase Font
  • Sharebar

    10 ways to spot phishing attacks on your practice

    Phishing is big business — don't take the bait.

    In the last year, phishing attacks have seen a meteoric rise as attackers continue to refine tactics and share successful types of attacks.

    In particular, they’ve taken advantage of the malware-as-a-service offerings on the dark web in order to increase the efficiency and volume of attacks. In fact, 91 percent of cyberattacks and their resulting data breaches now begin with what’s known as a spear phishing email message. As a result, dental offices should take the time to learn to recognize phishing to protect critical data.

    Related article: Why cybersecurity is critical for dental practices

    We often associate phishing with cybercrimes that relate to online banking: crooks send an email luring you to a website that’s a visual clone of your bank’s login page, where you enter your credentials into a phony form and drop them right into the criminals’ laps.

    Taking login information in phishing attackBut phishing covers more than just fake banking sites and links to life-enhancing pills or package deliveries: it’s really just about dangling bait in front of you and waiting for you to swallow it, providing them with useful and valuable information.

    Phishing campaigns are generally more successful when they use contextually relevant lures, and between 2013 and 2015, phishing attack trends followed consistent and predictable patterns. During each of these three years, phishing attacks tended to increase from month to month before finally surging in the fourth quarter of each year, during the holiday seasons.

    However, this wasn’t the case in 2016. Instead of peaking at the end of the year, phishing attacks crested in the middle of the year, with localized spikes in attacks that took advantage of regionally specific events or periods of fear and anxiety. For example, uncertainty around the United Kingdom Brexit vote was exploited to target government departments in May and June 2016. In the United States, tax return season saw IRS-themed attacks increase by 400 percent over previous years.

    As mentioned, phishing covers more than just fake banking emails and package delivery alerts; it’s about convincing you to provide something valuable to the attackers. And what started off as simply “phishing” has now developed into three branches of attacks: the classics, mass phishing and spear phishing, and the recently emerging trend of the Business Email Compromise tactic acting as a subset of spear phishing.

    Related article: 6 myths about data encryption

    Mass phishing

    These attacks are largely opportunistic, taking advantage of a company’s brand name to try and lure the brand’s customers to spoofed sites where they’re tricked into parting with credit card information, login credentials and other personal information that will be later resold for financial gain.

    • Targets the assets of individuals
    • Typically consumers of a brand’s products or services
    • Impersonal batch and blast
    • Focused on stealing personal data, such as login credentials

    Up next: How to spot phishing attacks

    Dr. Lorne Lavine
    Dr. Lorne Lavine, founder and president of Dental Technology Consultants, has more than 30 years invested in the dental and dental ...


    Add Comment
    • No comments available